1. 07 Oct, 2021 3 commits
    • Jakub Kicinski's avatar
      Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 7671b026
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2021-10-07
      
      We've added 7 non-merge commits during the last 8 day(s) which contain
      a total of 8 files changed, 38 insertions(+), 21 deletions(-).
      
      The main changes are:
      
      1) Fix ARM BPF JIT to preserve caller-saved regs for DIV/MOD JIT-internal
         helper call, from Johan Almbladh.
      
      2) Fix integer overflow in BPF stack map element size calculation when
         used with preallocation, from Tatsuhiko Yasumatsu.
      
      3) Fix an AF_UNIX regression due to added BPF sockmap support related
         to shutdown handling, from Jiang Wang.
      
      4) Fix a segfault in libbpf when generating light skeletons from objects
         without BTF, from Kumar Kartikeya Dwivedi.
      
      5) Fix a libbpf memory leak in strset to free the actual struct strset
         itself, from Andrii Nakryiko.
      
      6) Dual-license bpf_insn.h similarly as we did for libbpf and bpftool,
         with ACKs from all contributors, from Luca Boccassi.
      ====================
      
      Link: https://lore.kernel.org/r/20211007135010.21143-1-daniel@iogearbox.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      7671b026
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ · 578f3932
      David S. Miller authored
      ipsec
      
      Steffen Klassert says:
      
      ====================
      pull request (net): ipsec 2021-10-07
      
      1) Fix a sysbot reported shift-out-of-bounds in xfrm_get_default.
         From Pavel Skripkin.
      
      2) Fix XFRM_MSG_MAPPING ABI breakage. The new XFRM_MSG_MAPPING
         messages were accidentally not paced at the end.
         Fix by Eugene Syromiatnikov.
      
      3) Fix the uapi for the default policy, use explicit field and macros
         and make it accessible to userland.
         From Nicolas Dichtel.
      
      4) Fix a missing rcu lock in xfrm_notify_userpolicy().
         From Nicolas Dichtel.
      
      Please pull or let me know if there are problems.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      578f3932
    • David S. Miller's avatar
      Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net- · 65f280bb
      David S. Miller authored
      queue
      
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2021-10-06
      
      This series contains updates to i40e and iavf drivers.
      
      Jiri Benc expands an error check to prevent infinite loop for i40e.
      
      Sylwester prevents freeing of uninitialized IRQ vector to resolve a
      kernel oops for i40e.
      
      Stefan Assmann fixes a double mutex unlock for iavf.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      65f280bb
  2. 06 Oct, 2021 15 commits
  3. 05 Oct, 2021 9 commits
    • Eric Dumazet's avatar
      netlink: annotate data races around nlk->bound · 7707a4d0
      Eric Dumazet authored
      While existing code is correct, KCSAN is reporting
      a data-race in netlink_insert / netlink_sendmsg [1]
      
      It is correct to read nlk->bound without a lock, as netlink_autobind()
      will acquire all needed locks.
      
      [1]
      BUG: KCSAN: data-race in netlink_insert / netlink_sendmsg
      
      write to 0xffff8881031c8b30 of 1 bytes by task 18752 on cpu 0:
       netlink_insert+0x5cc/0x7f0 net/netlink/af_netlink.c:597
       netlink_autobind+0xa9/0x150 net/netlink/af_netlink.c:842
       netlink_sendmsg+0x479/0x7c0 net/netlink/af_netlink.c:1892
       sock_sendmsg_nosec net/socket.c:703 [inline]
       sock_sendmsg net/socket.c:723 [inline]
       ____sys_sendmsg+0x360/0x4d0 net/socket.c:2392
       ___sys_sendmsg net/socket.c:2446 [inline]
       __sys_sendmsg+0x1ed/0x270 net/socket.c:2475
       __do_sys_sendmsg net/socket.c:2484 [inline]
       __se_sys_sendmsg net/socket.c:2482 [inline]
       __x64_sys_sendmsg+0x42/0x50 net/socket.c:2482
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      read to 0xffff8881031c8b30 of 1 bytes by task 18751 on cpu 1:
       netlink_sendmsg+0x270/0x7c0 net/netlink/af_netlink.c:1891
       sock_sendmsg_nosec net/socket.c:703 [inline]
       sock_sendmsg net/socket.c:723 [inline]
       __sys_sendto+0x2a8/0x370 net/socket.c:2019
       __do_sys_sendto net/socket.c:2031 [inline]
       __se_sys_sendto net/socket.c:2027 [inline]
       __x64_sys_sendto+0x74/0x90 net/socket.c:2027
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      value changed: 0x00 -> 0x01
      
      Reported by Kernel Concurrency Sanitizer on:
      CPU: 1 PID: 18751 Comm: syz-executor.0 Not tainted 5.14.0-rc1-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      
      Fixes: da314c99 ("netlink: Replace rhash_portid with bound")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7707a4d0
    • Wong Vee Khee's avatar
      net: pcs: xpcs: fix incorrect CL37 AN sequence · e3cf002d
      Wong Vee Khee authored
      According to Synopsys DesignWare Cores Ethernet PCS databook, it is
      required to disable Clause 37 auto-negotiation by programming bit-12
      (AN_ENABLE) to 0 if it is already enabled, before programming various
      fields of VR_MII_AN_CTRL registers.
      
      After all these programming are done, it is then required to enable
      Clause 37 auto-negotiation by programming bit-12 (AN_ENABLE) to 1.
      
      Fixes: b97b5331 ("net: pcs: add C37 SGMII AN support for intel mGbE controller")
      Cc: Vladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarWong Vee Khee <vee.khee.wong@linux.intel.com>
      Reviewed-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Tested-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3cf002d
    • Sean Anderson's avatar
      net: sfp: Fix typo in state machine debug string · 25a9da66
      Sean Anderson authored
      The string should be "tx_disable" to match the state enum.
      
      Fixes: 4005a7cb ("net: phy: sftp: print debug message with text, not numbers")
      Signed-off-by: default avatarSean Anderson <sean.anderson@seco.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      25a9da66
    • Eric Dumazet's avatar
      net/sched: sch_taprio: properly cancel timer from taprio_destroy() · a56d447f
      Eric Dumazet authored
      There is a comment in qdisc_create() about us not calling ops->reset()
      in some cases.
      
      err_out4:
      	/*
      	 * Any broken qdiscs that would require a ops->reset() here?
      	 * The qdisc was never in action so it shouldn't be necessary.
      	 */
      
      As taprio sets a timer before actually receiving a packet, we need
      to cancel it from ops->destroy, just in case ops->reset has not
      been called.
      
      syzbot reported:
      
      ODEBUG: free active (active state 0) object type: hrtimer hint: advance_sched+0x0/0x9a0 arch/x86/include/asm/atomic64_64.h:22
      WARNING: CPU: 0 PID: 8441 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
      Modules linked in:
      CPU: 0 PID: 8441 Comm: syz-executor813 Not tainted 5.14.0-rc6-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
      Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd e0 d3 e3 89 4c 89 ee 48 c7 c7 e0 c7 e3 89 e8 5b 86 11 05 <0f> 0b 83 05 85 03 92 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
      RSP: 0018:ffffc9000130f330 EFLAGS: 00010282
      RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
      RDX: ffff88802baeb880 RSI: ffffffff815d87b5 RDI: fffff52000261e58
      RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
      R10: ffffffff815d25ee R11: 0000000000000000 R12: ffffffff898dd020
      R13: ffffffff89e3ce20 R14: ffffffff81653630 R15: dffffc0000000000
      FS:  0000000000f0d300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007ffb64b3e000 CR3: 0000000036557000 CR4: 00000000001506e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       __debug_check_no_obj_freed lib/debugobjects.c:987 [inline]
       debug_check_no_obj_freed+0x301/0x420 lib/debugobjects.c:1018
       slab_free_hook mm/slub.c:1603 [inline]
       slab_free_freelist_hook+0x171/0x240 mm/slub.c:1653
       slab_free mm/slub.c:3213 [inline]
       kfree+0xe4/0x540 mm/slub.c:4267
       qdisc_create+0xbcf/0x1320 net/sched/sch_api.c:1299
       tc_modify_qdisc+0x4c8/0x1a60 net/sched/sch_api.c:1663
       rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5571
       netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
       netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
       netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
       netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929
       sock_sendmsg_nosec net/socket.c:704 [inline]
       sock_sendmsg+0xcf/0x120 net/socket.c:724
       ____sys_sendmsg+0x6e8/0x810 net/socket.c:2403
       ___sys_sendmsg+0xf3/0x170 net/socket.c:2457
       __sys_sendmsg+0xe5/0x1b0 net/socket.c:2486
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
      
      Fixes: 44d4775c ("net/sched: sch_taprio: reset child qdiscs before freeing them")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Davide Caratti <dcaratti@redhat.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Acked-by: default avatarVinicius Costa Gomes <vinicius.gomes@intel.com>
      Acked-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a56d447f
    • David S. Miller's avatar
      Merge branch 'bridge-fixes' · 64506cb9
      David S. Miller authored
      Eric Dumazet says:
      
      ====================
      net: bridge: br_get_linkxstats_size() fixes
      
      This patch series attempts to fix the following syzbot report.
      
      WARNING: CPU: 1 PID: 21425 at net/core/rtnetlink.c:5388 rtnl_stats_get+0x80f/0x8c0 net/core/rtnetlink.c:5388
      Modules linked in:
      CPU: 1 PID: 21425 Comm: syz-executor394 Not tainted 5.13.0-rc4-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:rtnl_stats_get+0x80f/0x8c0 net/core/rtnetlink.c:5388
      Code: e9 9c fc ff ff 4c 89 e7 89 0c 24 e8 ab 8b a8 fa 8b 0c 24 e9 bc fc ff ff 4c 89 e7 e8 9b 8b a8 fa e9 df fe ff ff e8 61 85 63 fa <0f> 0b e9 f7 fc ff ff 41 be ea ff ff ff e9 f9 fc ff ff 41 be 97 ff
      RSP: 0018:ffffc9000cf77688 EFLAGS: 00010293
      RAX: 0000000000000000 RBX: 000000000000012c RCX: 0000000000000000
      RDX: ffff8880211754c0 RSI: ffffffff8711571f RDI: 0000000000000003
      RBP: ffff8880175aa780 R08: 00000000ffffffa6 R09: ffff88823bd5c04f
      R10: ffffffff87115413 R11: 0000000000000001 R12: ffff8880175aab74
      R13: ffff8880175aab40 R14: 00000000ffffffa6 R15: 0000000000000006
      FS:  0000000001ff9300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00000000005cfd58 CR3: 000000002cd43000 CR4: 00000000001506f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5562
       netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
       netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
       netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
       netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1929
       sock_sendmsg_nosec net/socket.c:654 [inline]
       sock_sendmsg+0xcf/0x120 net/socket.c:674
       ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
       ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
       __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
       do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      RIP: 0033:0x4440d9
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      64506cb9
    • Eric Dumazet's avatar
      net: bridge: fix under estimation in br_get_linkxstats_size() · 0854a051
      Eric Dumazet authored
      Commit de179966 ("net: bridge: add STP xstats")
      added an additional nla_reserve_64bit() in br_fill_linkxstats(),
      but forgot to update br_get_linkxstats_size() accordingly.
      
      This can trigger the following in rtnl_stats_get()
      
      	WARN_ON(err == -EMSGSIZE);
      
      Fixes: de179966 ("net: bridge: add STP xstats")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Vivien Didelot <vivien.didelot@gmail.com>
      Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
      Acked-by: default avatarNikolay Aleksandrov <nikolay@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0854a051
    • Eric Dumazet's avatar
      net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() · dbe0b880
      Eric Dumazet authored
      bridge_fill_linkxstats() is using nla_reserve_64bit().
      
      We must use nla_total_size_64bit() instead of nla_total_size()
      for corresponding data structure.
      
      Fixes: 1080ab95 ("net: bridge: add support for IGMP/MLD stats and export them via netlink")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Nikolay Aleksandrov <nikolay@nvidia.com>
      Cc: Vivien Didelot <vivien.didelot@gmail.com>
      Acked-by: default avatarNikolay Aleksandrov <nikolay@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dbe0b880
    • Hayes Wang's avatar
      r8152: avoid to resubmit rx immediately · baf33d7a
      Hayes Wang authored
      For the situation that the disconnect event comes very late when the
      device is unplugged, the driver would resubmit the RX bulk transfer
      after getting the callback with -EPROTO immediately and continually.
      Finally, soft lockup occurs.
      
      This patch avoids to resubmit RX immediately. It uses a workqueue to
      schedule the RX NAPI. And the NAPI would resubmit the RX. It let the
      disconnect event have opportunity to stop the submission before soft
      lockup.
      Reported-by: default avatarJason-ch Chen <jason-ch.chen@mediatek.com>
      Tested-by: default avatarJason-ch Chen <jason-ch.chen@mediatek.com>
      Signed-off-by: default avatarHayes Wang <hayeswang@realtek.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      baf33d7a
    • Jakub Kicinski's avatar
      etherdevice: use __dev_addr_set() · 3f6cffb8
      Jakub Kicinski authored
      Andrew points out that eth_hw_addr_set() replaces memcpy()
      calls so we can't use ether_addr_copy() which assumes
      both arguments are 2-bytes aligned.
      Reported-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3f6cffb8
  4. 04 Oct, 2021 1 commit
  5. 02 Oct, 2021 4 commits
  6. 01 Oct, 2021 8 commits